Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.This morning I installed the latest Drupal 6 Core because of the security issue, and also upgraded to the latest Secure Pages.
This has caused some strange behavior on my site.
1) With "Switch back to http pages when there are no matches" checked, Secure Pages never switches to https mode when the user is running Safari! It works fine on Firefox.
2) With "Switch back to http pages when there are no matches" unchecked, Secure Pages "sticks" in https mode once it has to go to a secure page, which AFAICT is the expected behavior. However, when running on Safari, when you go between pages, you will often see repeated page loads between secure and insecure before it ends up where it "should" end up (except that sometimes it doesn't!) -- but it's not 100% reliable (or perhaps it happens so fast that Safari doesn't visibly update)
For example:
Load first page (http) : loads in http
Move to second page (http expected) : loads in http
Move to secure page: loads http, redirects to https
Move to second secure page via link click: loads https
Move to 3rd secure page (via form button click, so it's a post, maybe that's part of it): loads http, reloads https
Move to homepage (which normally would be http, but because no matches unchecked, should now be secure): http, https, http! This was a "/home" link, not a fully-specified link.
Move to another normally http page, from the homepage which is http but you would expect it to be https): http, reloads https!
Back to the homepage via /home: http,https,http!
Firefox, doing the same sequence, works as you would expect... once it gets into https mode, it sticks there. It may be doing weird stuff under the hood though.
My settings are:
Secure pages enabled
"Switch back to http pages when there are no matches" unchecked
Make secure only the listed pages:
*/activity
*/edit
cart
cart/*
admin
admin/*
user
users/*
aeadmin
aeadmin/*
uc_paypal
uc_paypal/*
Ignore pages:
*/autocomplete/*
*/ajax/*
jifupload/*
finder/*
Color me confused at this point.
Comments
Comment #1
MadOverlord CreditAttribution: MadOverlord commentedComment #2
angleet CreditAttribution: angleet commentedI am having a similar issue. It works fine in Chrome, but not in Safari or Firefox. Did you ever find a solution?
Comment #3
DaPooch CreditAttribution: DaPooch commentedDo you have a strict-transport-security header set by your webserver? That was causing me similar issues.